bsilver at chrononomicon.com
Thu May 27 13:32:03 PDT 2004
On May 27, 2004, at 3:49 PM, Vince Hoffman wrote:
> I'm using it to store posix and samba users, handles XP and 2k
> authentication fine (dont have any 9x on the network,) All i'm doing is
> runing a samba PDC for a small network, and am using ldap as it means
> easy to have a BDC if needed and using pam_ldap and nss_ldap i can
> centralise my user database, anything that supports pam authentication
> authenticated again it (ie. the external ftp site, uw-imap, smtp auth
> (sasl2 using pam) and shell logins where needed, as well as the
> windows domain, (xp and 2k workstations, samba servers))
> If your interested who uses samba and how many users then look here
Maybe I'm approaching this the wrong way then.
I have multiple locations (VPN connected) with Windows2000/Win9x
clients. I need them to authenticate username/password pairs.
I wanted to use LDAP so that I could also eventually use the same
directory for a new email server to use as an authentication backend.
Depending on how the project would go, I'd like to have directory
lookups also work from this in email clients (in-house mail directory,
information on what room a staff member is based in, etc.)
Basically a central repository of directory information.
I would like to get some information like membership attributes...i.e.,
Bob is a member of "administrators". Sue is a member of
"ourbuilding_secretaries", and Alanis is also a member of
"building2_secretaries", so I can set share permissions on Samba for
Would a better approach be to have Samba set up on these authentication
servers, pointing to an LDAP backend? FreeBSD can use PAM easily?
(I've had to jump into Linux authentication for a RADIUS project many
moons ago, but haven't had to reconfigure anything regarding
authentication under FreeBSD before...please forgive the naivety :-)
Is there a way to have LDAP also handling the memberships, etc. for the
NT machines to understand the memberships for authorization of access
to shares, etc...so that it would be easy to spread this out to cache
machines in other buildings? If it can all be handled via LDAP, I
hoped slurpd would be all that's necessary on a set of SAMBA servers to
keep our databases in sync in each building...
More information about the freebsd-questions